Slashdot Mirror


Due Diligence?

ekr writes "The OpenSSL remote buffer overflows discovered at the end of July got a lot of press here on /. But how many people actually fixed their machines? I decided to study this question, and the results are kind of depressing. Two weeks after the release of the bug, over two thirds of the servers I sampled were still vulnerable. Even two weeks after the Slapper worm was announced, a third of the total servers were vulnerable. The paper can be found here in PDF or Postscript."

3 of 202 comments

  1. cause linux/oss/unix admins are all talk by Anonymous Coward · Score: -1, Redundant

    They rant constantly about MS admins not keeping up with patches, not being security aware, etc., but in reality they are just as bad. Now my computer is flooded with port 137 requests, and I sit back and laugh.

  2. I updated, but I wasn't in a hurry by Anonymous Coward · Score: -1, Redundant

    I first checked to see if I was vulnerable (also if I was infected), but since it takes a certificate (that I deliver) to initiate the connection with the server on my machine, I wasn't. Many connection attempts on port 443 though.

    But I updated anyway with the latest of everything (apache, openssl, mod_, etc.)

  3. False by mwalker · Score: 3, Redundant

    Thanks to Antioffline.com for hosting us, and Gentoo's Portage system for catching the trojaned files via checksums.

    Gentoo had the OLD checksums, which is the reason it was caught. Everyone who checked the new checksums got owned. The Gentoo suspicions were confirmed by checking the Google cache.

    Gentoo basically caught this because they were so far behind the curve that they still had the old distribution. While it's a great argument not to use Gentoo, this kind of security-through-being-behind accident is not a security process, nor is it repeatable, nor should it be considered a success of the checksum system.
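The point mwalker makes is that a checksum fetched from the same place as the artifact proves nothing once that place is compromised, because the attacker republishes a matching digest; only a digest recorded earlier, or obtained through an independent channel, detects the swap. The following Python example (added here, not code from the thread, Gentoo, or Portage) models both checks over constructed tarball bytes; the file name, the manifest, and the mirror contents are assumptions for illustration.

```python
import hashlib
import hmac

# Constructed sample artifacts, standing in for a clean and a trojaned tarball.
ORIGINAL_TARBALL = b"constructed: clean tarball contents"
TROJANED_TARBALL = b"constructed: tarball with an injected payload"

ARTIFACT_NAME = "example-package-1.0.tar.gz"  # hypothetical name


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of the artifact bytes."""
    return hashlib.sha256(data).hexdigest()


# A pinned manifest: digests recorded in the package tree *before* the
# download site was touched (the role Gentoo's old checksums played).
PINNED_MANIFEST = {ARTIFACT_NAME: sha256_hex(ORIGINAL_TARBALL)}


def verify_against_pinned(name: str, data: bytes, manifest: dict) -> bool:
    """Strong check: compare against a digest the attacker could not rewrite."""
    expected = manifest.get(name)
    if expected is None:
        return False  # unknown artifact: refuse rather than trust
    return hmac.compare_digest(expected, sha256_hex(data))


def verify_against_colocated(data: bytes, published_digest: str) -> bool:
    """Weak check: the digest was fetched from the same server as the file."""
    return hmac.compare_digest(published_digest, sha256_hex(data))


def simulate_mirror_compromise() -> tuple:
    """Model a mirror whose tarball and published digest were both replaced.

    Returns (colocated_check_passed, pinned_check_passed).
    """
    mirror = {
        "file": TROJANED_TARBALL,
        "digest": sha256_hex(TROJANED_TARBALL),  # attacker republished it
    }
    colocated_ok = verify_against_colocated(mirror["file"], mirror["digest"])
    pinned_ok = verify_against_pinned(ARTIFACT_NAME, mirror["file"], PINNED_MANIFEST)
    return colocated_ok, pinned_ok


if __name__ == "__main__":
    colocated_ok, pinned_ok = simulate_mirror_compromise()
    print(f"co-located digest check passed: {colocated_ok}")  # True: swap not detected
    print(f"pinned manifest check passed:   {pinned_ok}")     # False: swap detected
```

The co-located check passes on the trojaned file because the digest beside it was updated along with it, which is exactly why everyone who "checked the new checksums" was not protected; the pinned manifest fails the same file. The practical design rule is that the digest (or signature key) must come from a source that cannot be modified by whoever controls the download location, and that a mismatch should block the install rather than merely warn.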